Versio.io

CVE-2019-13946

Common vulnerabilities & exposures (CVE)

Published at: 11-02-2020 05:15
Last modified: 12-04-2022 12:15
Total changes: 6

Description

Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base score: 7.5
Exploitability score: 3.9
Impact score: 3.6
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Verification logic

OR
OR
vendor=siemens AND product=dk_standard_ethernet_controller
vendor=siemens AND product=profinet_driver AND versionEndExcluding=2.1
vendor=siemens AND product=simatic_ipc_support
AND
OR
vendor=siemens AND product=ek-ertec_200_firmware AND versionEndExcluding=4.5
OR
vendor=siemens AND product=ek-ertec_200 AND version=-
AND
OR
vendor=siemens AND product=ek-ertec_200p_firmware AND versionEndExcluding=4.6
OR
vendor=siemens AND product=ek-ertec_200p AND version=-
AND
OR
vendor=siemens AND product=ruggedcom_rm1224_firmware AND versionEndExcluding=4.3
OR
vendor=siemens AND product=ruggedcom_rm1224 AND version=-
AND
OR
vendor=siemens AND product=scalance_m-800_firmware AND versionEndExcluding=4.3
OR
vendor=siemens AND product=scalance_m-800 AND version=-
AND
OR
vendor=siemens AND product=scalance_s615_firmware AND versionEndExcluding=4.3
OR
vendor=siemens AND product=scalance_s615 AND version=-
AND
OR
vendor=siemens AND product=scalance_w700_ieee_802.11n_firmware AND versionEndIncluding=6.0.1
OR
vendor=siemens AND product=scalance_w700_ieee_802.11n AND version=-
AND
OR
vendor=siemens AND product=scalance_xc-200_firmware
OR
vendor=siemens AND product=scalance_xc-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_xf-200_firmware
OR
vendor=siemens AND product=scalance_xf-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_xp-200_firmware
OR
vendor=siemens AND product=scalance_xp-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_xb-200_firmware
OR
vendor=siemens AND product=scalance_xb-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_x-200irt_firmware AND versionEndExcluding=5.3
OR
vendor=siemens AND product=scalance_x-200irt AND version=-
AND
OR
vendor=siemens AND product=scalance_xr-300wg_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=scalance_xr-300wg AND version=-
AND
OR
vendor=siemens AND product=scalance_x-300_firmware
OR
vendor=siemens AND product=scalance_x-300 AND version=-
AND
OR
vendor=siemens AND product=scalance_xb-200_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=scalance_xb-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_xc-200_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=scalance_xc-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_xp-200_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=scalance_xp-200 AND version=-
AND
OR
vendor=siemens AND product=scalance_xf-200ba_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=scalance_xf-200ba AND version=-
AND
OR
vendor=siemens AND product=scalance_xr-300wg_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=scalance_xr-300wg AND version=-
AND
OR
vendor=siemens AND product=scalance_x-400_firmware AND versionEndExcluding=6.0
OR
vendor=siemens AND product=scalance_x-400 AND version=-
AND
OR
vendor=siemens AND product=scalance_xm-400_firmware AND versionEndExcluding=6.0
OR
vendor=siemens AND product=scalance_xm-400 AND version=-
AND
OR
vendor=siemens AND product=scalance_xr524_firmware AND versionEndExcluding=6.0
OR
vendor=siemens AND product=scalance_xr524 AND version=-
AND
OR
vendor=siemens AND product=scalance_xr526_firmware AND versionEndExcluding=6.0
OR
vendor=siemens AND product=scalance_xr526 AND version=-
AND
OR
vendor=siemens AND product=scalance_xr528_firmware AND versionEndExcluding=6.0
OR
vendor=siemens AND product=scalance_xr528 AND version=-
AND
OR
vendor=siemens AND product=scalance_xr552_firmware AND versionEndExcluding=6.0
OR
vendor=siemens AND product=scalance_xr552 AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_1616_firmware AND versionEndExcluding=2.8
OR
vendor=siemens AND product=simatic_cp_1616 AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_1604_firmware AND versionEndExcluding=2.8
OR
vendor=siemens AND product=simatic_cp_1604 AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_343-1_firmware
OR
vendor=siemens AND product=simatic_cp_343-1 AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_343-1_advanced_firmware
OR
vendor=siemens AND product=simatic_cp_343-1_advanced AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_343-1_erpc_firmware
OR
vendor=siemens AND product=simatic_cp_343-1_erpc AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_343-1_lean_firmware
OR
vendor=siemens AND product=simatic_cp_343-1_lean AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_443-1_firmware
OR
vendor=siemens AND product=simatic_cp_443-1 AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_443-1_advanced_firmware
OR
vendor=siemens AND product=simatic_cp_443-1_advanced AND version=-
AND
OR
vendor=siemens AND product=simatic_cp_443-1_opc_ua_firmware
OR
vendor=siemens AND product=simatic_cp_443-1_opc_ua AND version=-
AND
OR
vendor=siemens AND product=simatic_et200al_im_157-1_pn_firmware
OR
vendor=siemens AND product=simatic_et200al_im_157-1_pn AND version=-
AND
OR
vendor=siemens AND product=simatic_et200m_im153-4_pn_io_hf_firmware
OR
vendor=siemens AND product=simatic_et200m_im153-4_pn_io_hf AND version=-
AND
OR
vendor=siemens AND product=simatic_et200m_im153-4_pn_io_st_firmware
OR
vendor=siemens AND product=simatic_et200m_im153-4_pn_io_st AND version=-
AND
OR
vendor=siemens AND product=simatic_et200mp_im155-5_pn_hf_firmware AND versionEndExcluding=4.2.0
OR
vendor=siemens AND product=simatic_et200mp_im155-5_pn_hf AND version=-
AND
OR
vendor=siemens AND product=simatic_et200mp_im155-5_pn_st_firmware AND versionEndExcluding=4.1.0
OR
vendor=siemens AND product=simatic_et200mp_im155-5_pn_st AND version=-
AND
OR
vendor=siemens AND product=simatic_et200s_firmware
OR
vendor=siemens AND product=simatic_et200s AND version=-
AND
OR
vendor=siemens AND product=simatic_et200sp_im155-6_pn_basic_firmware
OR
vendor=siemens AND product=simatic_et200sp_im155-6_pn_basic AND version=-
AND
OR
vendor=siemens AND product=simatic_et200sp_im155-6_pn_hf_firmware AND versionEndExcluding=3.3.1
OR
vendor=siemens AND product=simatic_et200sp_im155-6_pn_hf AND version=-
AND
OR
vendor=siemens AND product=simatic_et200sp_im155-6_pn_st_firmware AND versionEndExcluding=4.1.0
OR
vendor=siemens AND product=simatic_et200sp_im155-6_pn_st AND version=-
AND
OR
vendor=siemens AND product=simatic_et200ecopn_firmware
OR
vendor=siemens AND product=simatic_et200ecopn AND version=-
AND
OR
vendor=siemens AND product=simatic_et200pro_firmware
OR
vendor=siemens AND product=simatic_et200pro AND version=-
AND
OR
vendor=siemens AND product=im_154-3_pn_hf_firmware
OR
vendor=siemens AND product=im_154-3_pn_hf AND version=-
AND
OR
vendor=siemens AND product=im_154-4_pn_hf_firmware
OR
vendor=siemens AND product=im_154-4_pn_hf AND version=-
AND
OR
vendor=siemens AND product=simatic_mv440_firmware
OR
vendor=siemens AND product=simatic_mv440 AND version=-
AND
OR
vendor=siemens AND product=simatic_mv420_firmware
OR
vendor=siemens AND product=simatic_mv420 AND version=-
AND
OR
vendor=siemens AND product=simatic_pn\/pn_coupler_firmware
OR
vendor=siemens AND product=simatic_pn\/pn_coupler AND version=-
AND
OR
vendor=siemens AND product=simatic_rf180c_firmware
OR
vendor=siemens AND product=simatic_rf180c AND version=-
AND
OR
vendor=siemens AND product=simatic_rf182c_firmware
OR
vendor=siemens AND product=simatic_rf182c AND version=-
AND
OR
vendor=siemens AND product=simatic_rf600_firmware AND versionEndExcluding=3.0
OR
vendor=siemens AND product=simatic_rf600 AND version=-
AND
OR
vendor=siemens AND product=sinamics_dcp_firmware AND versionEndExcluding=1.3
OR
vendor=siemens AND product=sinamics_dcp AND version=-
 

Keywords

NVD, CVE-2019-13946, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
